CWE:
 

Title
Date
Author
Low
SitePad 1.8.2 Cross Site Scripting
22.02.2024
tmrswrr
Med.
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation
22.02.2024
Johannes Volpel
Low
SPA-CART CMS - Stored XSS
20.02.2024
Eren Sen
Med.
WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution
20.02.2024
prodigiousMind
Low
InstantCMS 2.16.1 Cross Site Scripting
20.02.2024
SoSPiro
Low
Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting
20.02.2024
Eren Sen
Low
Statamic CMS Cross Site Scripting
18.02.2024
Niklas Schilling
High
Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload
15.02.2024
Andrey Stoykov
Low
Wordpress simple urls Plugin < 115 XSS
15.02.2024
AmirZargham
Low
Advanced Page Visit Counter 1.0 Cross Site Scripting
10.02.2024
Furkan Ozer
Low
GYM MS 1.0 Cross Site Scripting
07.02.2024
yozgatalperen1
Low
WhatsUp Gold 2022 (22.1.0 Build 39) XSS
06.02.2024
Andreas Finstad
Low
WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting
06.02.2024
Andreas Finstad
Low
MISP 2.4.171 Cross Site Scripting
06.02.2024
Mucahit Ceri
Med.
WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting
13.01.2024
Ulyses Saicha
Low
PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting
11.01.2024
Rahad Chowdhury
Low
PHPJabbers Event Ticketing System 1.0 Cross Site Scripting / HTML Injection
11.01.2024
Rahad Chowdhury
Low
PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting
11.01.2024
Rahad Chowdhury
Low
iGalerie 3.0.22 Cross Site Scripting
10.01.2024
tmrswrr
Low
WebCalendar 1.3.0 Cross Site Scripting
03.01.2024
tmrswrr
Low
WhatACart 2.0.7 Cross Site Scripting
27.12.2023
tmrswrr
Low
ShopSite 14.0 Cross Site Scripting
26.12.2023
tmrswrr
Low
GaatiTrack Courier Management System 1.0 Cross Site Scripting
20.11.2023
Rahad Chowdhury
Low
Shuttle Booking Software 2.0 Cross Site Scripting
20.11.2023
Rahad Chowdhury
Low
Moodle 4.3 Cross Site Scripting
23.10.2023
tmrswrr
Med.
WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution
13.10.2023
James Golovich
Low
WordPress Sonaar Music 4.7 Cross Site Scripting
10.10.2023
Furkan Karaarslan
Low
WordPress KiviCare 3.2.0 Cross Site Scripting
05.10.2023
Arvandy
Med.
SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect
03.10.2023
Fabian Hagg
Low
openVIVA c2 20220101 Cross Site Scripting
03.10.2023
Daniel Hirschberger
Low
WordPress Contact Form Generator 2.5.5 Cross Site Scripting
03.10.2023
Arvandy
Med.
OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation
25.09.2023
Yasar Klawohn
Low
Taskhub 2.8.8 Cross Site Scripting
24.09.2023
nu11secur1ty
Low
Night Club Booking Software 1.0 Cross Site Scripting
18.09.2023
nu11secur1ty
Low
Italia Mediasky CMS 2.0 Cross Site Scripting
18.09.2023
indoushka
Low
PTC - Codebeamer Cross Site Scripting
18.09.2023
Niklas Schilling
Low
Academy LMS 6.2 Cross Site Scripting
15.09.2023
CraCkEr
Med.
WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection
13.09.2023
Lana Codes
Low
Cinema Booking System 1.0 Cross Site Scripting
10.09.2023
nu11secur1ty
Low
Event Booking Calendar 4.0 Cross Site Scripting
10.09.2023
nu11secur1ty
Low
Wordpress Sonaar Music Plugin 4.7 - Stored XSS
09.09.2023
Furkan Karaarslan
Low
Axigen 10.5.0–4370c946 Cross Site Scripting
09.09.2023
AmirZargham
Low
Axigen 10.5.0–4370c946 Cross Site Scripting
09.09.2023
AmirZargham
Low
CSZ CMS 1.3.0 Cross Site Scripting
04.09.2023
Daniel Gonzalez
Low
PHP JABBERS PHP Review Script 1.0 Cross Site Scripting
31.08.2023
nu11secur1ty
Low
Jorani 1.0.3 Cross Site Scripting
28.08.2023
nu11secur1ty
Low
User Registration And Login And User Management System 3.0 Cross Site Scripting
24.08.2023
Ashutosh Singh Umath
Low
Uvdesk 1.1.4 Cross Site Scripting
24.08.2023
Hubert Wojciechowski
Low
E-partenaire LMS 1.0.0 Cross Site Scripting
19.08.2023
indoushka
Low
Blood Donor Management System 1.0 Cross Site Scripting
16.08.2023
Ehlullah Albayrak
High
Hyip Rio 2.1 Cross Site Scripting / File Upload
16.08.2023
CraCkEr
Low
Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting
15.08.2023
T. Weber
Med.
Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption
15.08.2023
T. Weber
Low
Webedition CMS v2.9.8.8 Stored XSS
13.08.2023
Mirabbas Ağalarov
Low
Dolibarr 17.0.1>x Stored XSS
11.08.2023
Furkan Karaarslan
Low
Joomla VirtueMart Shopping Cart 4.0.12 Reflected XSS
11.08.2023
CraCkEr
Low
JLex GuestBook 1.6.4 Reflected XSS
10.08.2023
CraCkEr
Low
Lucee 5.4.2.17 Cross Site Scripting
09.08.2023
Yehia Elghaly
Low
WordPress Ninja Forms 3.6.25 Cross Site Scripting
08.08.2023
Mehran Seifalinia
Low
Webedition CMS 2.9.8.8 Cross Site Scripting
06.08.2023
Mirabbas Agalarov
Low
mooSocial 3.1.8 - Reflected XSS
05.08.2023
CraCkEr
Low
Social-Commerce 3.1.6 - Reflected XSS
05.08.2023
CraCkEr
Low
PHPJabbers Availability Booking Calendar 5.0 - Reflected XSS
03.08.2023
CraCkEr
Low
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
03.08.2023
CraCkEr
Med.
OX App Suite SSRF / SQL Injection / Cross Site Scripting
03.08.2023
Mehmet Ince
Low
PHPJabbers Taxi Booking 2.0 Cross Site Scripting
03.08.2023
CraCkEr
Low
PHPJabbers Cleaning Business 1.0 Cross Site Scripting
03.08.2023
CraCkEr
Low
PHPJabbers Service Booking Script 1.0 Cross Site Scripting
03.08.2023
CraCkEr
Low
PHPJabbers Night Club Booking 1.0 Cross Site Scripting
03.08.2023
CraCkEr
Low
PHPJabbers Shuttle Booking Software 1.0 Cross Site Scripting
03.08.2023
CraCkEr
Low
Perch CMS 3.2 Cross Site Scripting
02.08.2023
Andrey Stoykov
Low
Joomla JLex GuestBook 1.6.4 Cross Site Scripting
02.08.2023
CraCkEr
Low
Joomla JLex Review 6.0.1 Cross Site Scripting
01.08.2023
CraCkEr
Low
JLex GuestBook 1.6.4 - Reflected XSS
01.08.2023
CraCkEr
Low
Zomplog 3.9 Cross-site scripting (XSS)
31.07.2023
Mirabbas Ağalarov
Low
Joomla iProperty Real Estate 4.1.1 Cross Site Scripting
31.07.2023
CraCkEr
Low
Copyparty 1.8.6 Cross Site Scripting
31.07.2023
Vartamtezidis Theodoro...
Low
Joomla Solidres 2.13.3 - Reflected XSS
29.07.2023
CraCkEr
Low
Joomla iProperty Real Estate 4.1.1 - Reflected XSS
29.07.2023
CraCkEr
Low
Joomla VirtueMart Shopping-Cart 4.0.12 - Reflected XSS
27.07.2023
CraCkEr
Low
WordPress PrePost SEO 3.0 Cross Site Scripting
27.07.2023
Taurus Omar
Low
WordPress Tablesome Cross Site Scripting
27.07.2023
Taurus Omar
Low
WordPress Login Configurator 2.1 Cross Site Scripting
27.07.2023
Taurus Omar
Low
ETSI WEBstore 2023 Cross Site Scripting
26.07.2023
Vulnerability Laborato...
Low
mooDating 1.2 Cross Site Scripting
25.07.2023
CraCkEr
Low
WordPress SEO Alert 1.59 Cross Site Scripting
25.07.2023
Taurus Omar
Low
Joomla VirtueMart Shopping-Cart 4.0.12 Cross Site Scripting
25.07.2023
CraCkEr
Low
Joomla HikaShop 4.7.4 Cross Site Scripting
25.07.2023
CraCkEr
Low
Perch v3.2 Stored XSS
21.07.2023
Mirabbas Ağalarov
Low
ProjeQtOr Project Management System v10.4.1 Multiple XSS
21.07.2023
Mirabbas Ağalarov
High
Foody Friend 1.0 Arbitrary File Upload / Cross Site Scripting
21.07.2023
CraCkEr
High
Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting
21.07.2023
CraCkEr
Low
Tiva Events Calender 1.4 Cross Site Scripting
19.07.2023
Vulnerability Laborato...
Low
Vacation Rental 1.8 Stored Cross-Site Scripting (XSS)
19.07.2023
CraCkEr
Low
Montage 1.0 Cross Site Scripting
18.07.2023
CraCkEr
Low
Wedding Wonders 1.0 Cross Site Scripting
18.07.2023
CraCkEr
Low
Ekushey Project Manager CRM 5.0 Cross Site Scripting
13.07.2023
CraCkEr
Low
WebsiteBaker v2.13.3 Stored XSS
06.07.2023
Mirabbas Ağalarov
Low
Sales of Cashier Goods v1.0 Cross Site Scripting (XSS)
06.07.2023
Amirhossein Bahramizad...
Low
Piwigo v13.7.0 Stored Cross-Site Scripting (XSS) (Authenticated)
06.07.2023
Okan Kurtulus


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-02-26
Waiting for details
CVE-2024-1871

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254694 is the identifier assigned to this vulnerability.

 
Waiting for details
CVE-2024-0435

User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders is only limited to the user who submits the XSS. Ultimately, this attack is limited to the user attacking themselves. There is no anonymous chat submission unless the user does not take the minimum steps required to protect their instance.

 
Waiting for details
CVE-2023-43051

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267451.

 
Waiting for details
CVE-2023-38359

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744.

 
2024-02-23
Waiting for details
CVE-2024-1822

A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.

 
Waiting for details
CVE-2024-1825

A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. This affects an unknown part of the component User Registration Page. The manipulation of the argument address with the input <img src="1" onerror="console.log(1)"> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254613 was assigned to this vulnerability.

 
Waiting for details
CVE-2024-1834

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerability.

 
Waiting for details
CVE-2024-27133

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.

 
Waiting for details
CVE-2024-27132

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.

 
2024-02-22
Waiting for details
CVE-2024-1749

A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254531. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 

 


Copyright 2024, cxsecurity.com

 
